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METHOD OF IMPROVING SECURITY IN ELECTRONIC TRANSACTIONS 



5 Background of the Invention 

This invention relates to methods of improving security in transacting 
electronic commerce. More specifically, the invention defines a framework which 
enables trusted brokers running in an insecure network such as the Internet to offer 
10 more secure payment facilities. 

Electronic commerce is based on the electronic exchange of items, one of the 
typical exchanges is an electronic payment but it may also be a digitally signed 
contract. An important requirement for security in the exchange of items is fairness. 

15 An exchange is fair if, at the end of the transaction, either party receives the item he 
expected, neither party receives it, or each party obtains a legally binding receipt of the 
transaction which can be submitted to a third party for resolution, in the event that the 
received item does not meet expectations. At present, such commerce is typically 
conducted directly between a user and a merchant (of course, with the intervention of a 

20 bank in obtaining payment), representing a direct point-to-point contact on the Internet. 
In the context of electronic commerce, transactions or exchanges may be carried out 
over insecure networks. Unfortunately, it is possible for a hacker to exploit 
vulnerabilities in protocols and applications or to corrupt systems used by the other 
party. Therefore, carefully designed exchange protocols are used to help guarantee 

25 security in electronic commerce transactions. The Secure Socket Layer or "SSL" 
secure communication protocol, introduced by Netscape in 1994, is an example of such 
a protocol. This protocol provides encryption and authentication between web 
browsers and servers, such as between users and merchants, and is characterized by 
requiring very little processing power to utilize. SSL is commonly used for sending 

30 encrypted credit card numbers over the Internet. A substantially more secure payment 
protocol, requiring significantly greater computing power, was introduced by 
Mastercard, VISA, and others in February, 1996 (upgraded in June, 1996). This 
protocol is known as the Secure Electronic Transaction or "SET" protocol. Its purpose 
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is to provide confidentiality of information, ensure payment integrity, and authenticate both 
merchants and cardholders. The current computing requirements for implementing the SET 
protocol make it inappropriate as a protocol for shopper/users to run directly from their 
browser. If such were used by the user, for example, in downloading an applet, download- 

5 ing times and performance losses jwould likely increase to unacceptable levels. 

Further, unless the user has some mechanism of fair exchange, the user must trust the 
merchant, an entity with whom lit user may not have had dealings and about which he is 
only able to obtain information from the merchant himself. The justifiable lack of trust in a 
merchant-server's self certification (e.g., the fear of merchant fraud) tends to limit the 

10 growth and acceptability of electtordc commerce. Therefore, even when organizations use 
the SET protocol to perform payment functions, the user's lack of anonymity is a 
disadvantage. j 

The prior art describes various attempts at improving security. These attempted solutions 
fall into two categories: (1) third (party protocols which make use of a trusted, on-line third 

15 party who is typically registered k such by a neutral entity, and (2) gradual exchange proto- 
cols in which the probability of obtaining a Mr exchange is gradually increased over several 
rounds of communications. In common commercial terms, this Jatter protocol is comparable 
to a "course of dealing" between! the parties involved in the exchange. In the trusted third 
party approach, organizations managing a trusted third party must conform to a number of 

20 requirements. For example, a trusted third. party may be required to (1) meet minimum 
financial criteria, (2) to possess insurance against fraud, and (3) be socially credible. Proper 
adherence to and implementation of these requirements ensures that information disclosed 
by users to a trusted third party isj handled in a secure manner. 

In US A 5592 375 a system for brokering goods or services between buyers and sellers is 
25 described whereby the buyer is provided an aid in selecting among the variety of products. 
The buyer and the seller are connected to computers via a brokering system including a 
database, a customers interface'W a buyers interface. The buyers interface provides a 
knowledge based interactive protjocol enabling the buyer to select and review the respective 
information from the database. The session between the buyer and his client is rendered 
30 secure by using the identification of the buyer and some security information. The system 
can be particularly used for assisting an employer in hiring. 
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EP A 0854 462 discloses a systda with a broker server which is arranged in between a 

i 

customer and a merchant and a method of trading in two steps including sending electronic 
money from the consumer to broker's server and from the brokers, to the merchant 
Cryptography maybe used to transmit and receive data fox achieving confidence and authen- 
5 tication. j 

The prior art solutions have shortcomings. For example, the third party method runs the risk 
of the third party becoming a bottleneck due to the fact that a 

i 

! 



Pfjnte 2r1 . : j 



1 



WO 00/17834 



-3- 



PCT/IB99/01494 



single trusted third party may be asked to serve as such in a number of widely varying 
transactions. 

Alternate fair-exchange protocols involve the use of third party servers in 
exceptional circumstances, such as in the case of disputes. For example, both parties 
agree on the items to be exchanged and which third party to use in case of an 
exception. This is known as the optimistic approach to using a third party. Only the 
risk-taking party (the originator) may invoke the third party (due to the customer being 
unsatisfied with the bought merchandise). The merchant may also complain as well 
(e.g., regarding an invalid check). Thus, this method helps overcome the traditional 
risk of the trusted third party becoming a bottle neck, but limits the recourse of the 
other party. Other approaches have used an overall time limit parameter which ensures 
that, should the risk-taking party not invoke the third party, the other party will be able 
to resolve the transaction. 

Other methods have been developed with varying degrees of effectiveness. 
Most either lack sufficient effectiveness, do not provide anonymity, or require 
substantial processing time or processing power on the part of the parties involved. 

Therefore, what is needed is a method of improving the security of an 
electronic exchange (with both fair exchange and anonymity of the user) which does 
not require excessive processor time or increase the hardware requirements of the user. 

Summary of the Invention 

A computerized method of transacting electronic commerce in an insecure 
network is provided which improves data security in the insecure network. The 
method operates on and between a user which has established a commercial 
relationship with a trusted third party, and merchants. The method utilizes network 
links between (1) the user and the trusted third party broker and (2) the trusted third 
party broker and the merchants. The method further utilizes protocols which are 
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selected, at least in part, on the basis of the computer resources which may be expected 
to be available in each network link. Applying this method, a user can use a protocol 
requiring less computer resources than those required by SET, but at the same time, 
maintaining acceptable security levels through the use of the SET protocol by the 
trusted third party broker. 

In a feature of the invention, the computerized method includes the steps of (a) 
permitting the user, using a browser and a low resource-intensive protocol to access the 
trusted third party broker in order to request broker services; (b) the trusted third party 
broker gathering information from web servers of the merchants offering competitive 
products which the broker believes may satisfy the user's request; (c) the browser 
presenting an interactive window to the user which allows the user to compare 
differences between the competitive products and choose between the competitive 
products; (d) the user choosing between the competitive products, thus selecting a 
merchant and issuing a payment order through the trusted third party broker for the 
benefit of the merchant; (e) the trusted third party broker transmitting the payment 
order to the merchant using a highly secure payment protocol, thus paying the 
merchant on behalf of the user; and (f) the merchant and a bank cooperating using, for 
example, the SET protocol, enabling the merchant to securely receive payment from 
the bank. 

In another feature of the invention, the computerized method has the additional 
step of providing confirmation of payment on the payment order to the user. 

In another feature of the invention, the browser is JAVA-enabled and the 
interactive window is an applet utilizing CGI technology. 

An object of the invention is to provide support for fair exchange and 
anonymity of the user with respect to the merchant. 
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Another object of the invention is to provide an efficient and secure means of 
permitting electronic commerce in products which traditionally have not been available 
electronically, such as insurance products. 

5 Another object of the invention is to provide a means for users of Personal 

Digital Assistants ("PDAs"), mobile phones, or hand-held computers to use such 
devices to more securely transact electronic commerce. 

Another object of the invention is to permit the transaction of electronic 
10 commerce with maximum security (given available computer resources) within a 
commercially acceptable time frame. 

Brief Description of the Drawings 

15 Fig. 1 is a block diagram of the method of the invention. 

Fig. 2 is a block diagram of the method of the invention applied in the context of 
vending travel insurance. 

Fig. 3 is a flow chart of the method of the invention. 

Fig. 4 is a layout view of an interactive user interface of the method of the invention, 
20 applied in the context of vending auto insurance. 

Fig. 5 is a layout view of a second interactive user interface used in the method of the 
invention. 

Figs. 6a - 6c are flow charts of the three submethods of the invention. 

25 Detailed Description of the Preferred Embodiment 

As shown in Fig. 1, a computerized method 10 of improving data security in 
electronic commerce transacted in an insecure network 12 is provided. The method 10 
is particularly suited to network connections 14 (shown in solid and dashed lines) 
30 having limited computing resources such as on a user side 16, the side of the network 
connection to which a user or client 18 connects. 
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In an insurance context, representing a first embodiment of the invention, the 
method 10 operates on and between merchants 20a - 20d who sell insurance and a user 
18 which has established a commercial relationship with a trusted third party broker 
("TTP") 22 of insurance policies (i.e., an insurance broker). The commercial 

5 relationship is established by the user 18 at least to the extent that the user is aware that 
he is making a payment which will be redirected by the TTP 22. The TTP 22 is a 
trusted server which receives and processes requests for information about products or 
services, such as insurance policies, on the insecure network 12 such as the Internet. 
The method 10 achieves improved security in payments by splitting the payment into 

10 two parts: (1) that associated with the network link 14 between the user 18 and the TTP 
22, and (2) that associated with the network link 24 between the TTP and the 
merchants 20a - 20d. The method 10 utilizes protocols which are selected, at least in 
part, on the basis of the computer resources which may be expected to be available in 
each network link 14 and 24. 

15 

Because computing resources on the user side 16 of the network link 14 
between the user 18 and the TTP 22 are generally limited, the SSL protocol is used. 
SSL is a simple protocol which does not require extraordinary computing resources of 
the user 18. Although the user 18 cannot use the non-repudiation features that 
20 otherwise would be available for use with the SET protocol, the user can assure 
himself of security by verifying the authenticity of the TTP 22, thus increasing his level 
of trust in the server of the TTP. 

Because computing resources between the TTP 22 and the merchant 20a, 20b, 
25 20c, or 20d are generally greater than those available on the user side 16, the SET 
protocol is used to direct user payments through a server of an appropriate merchant 
server, e.g., merchant 20d, and to secure the transaction between the merchant server 
and its bank 26. This helps assure the user 18 that payments made by the TTP 22 on 
his or her behalf will be made with a very high level of security. Further, because the 
30 transaction is made through the TTP 22, the identify of the user 18 need not be 
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revealed to the merchant 20d, thus making the transaction untraceable against 
observers and providing anonymity (with respect to the merchant) in the payment 
transaction for the user as well. Thus, only the TTP 22 need know the identity of the 
user 18. 

5 

The additional security features of user anonymity and untraceability against 
observers are advantageously utilized in another context, that of an employment search. 
In this context, the TTP 22 is the employment service or executive search firm, 
certified by a certification authority, and the merchants 20a - 20d are the prospective 

10 employers. The anonymity and untraceability features are advantageous in job 
searching where many job-seeker users 18 may wish to remain anonymous until an 
employment contract is signed. The process of the user 18 sending a payment order as 
described above is analogous to the job-seeker user sending a CV or resume to a 
prospective employer. The job-seeker user 18 will send his CV to the TTP 22 through 

15 a secure channel using the SSL protocol. The CV will not indicate identifying 
information of the job-seeker user 18, such as his name, address, or current place of 
employment. Thus, negotiations can take place between the three parties while 
maintaining anonymity of some of the details of the job-seeker user 18. The TTP 22 
then matches the requirements of employers and job-seeker users 18. Once the match 

20 takes place, either the job-seeker user 18 or an employer-"merchant" 20d will perform 
a SET payment to the TTP 22 for the service. It should be noted that in this case, a 
SET payment is made to the TTP 22. This is different from that of the insurance 
context described above in which the user 18 makes payment to the merchant 20d 
through the TTP 22. 



25 
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In a feature of the invention, a mechanism which enables browsers to verify the 
"trustiness" of the server is added, thus providing users 18 with a means of verifying 
that a server of a TTP 22 which claims to be a trusted server is, in fact, trusted. This is 
accomplished by displaying a unique identifying icon (not shown) when certificates of 
5 certain types are received. The identifying icon is registered with a certification 
authority who is responsible for identifying infringers and maintaining the integrity of 
the icon. In addition, the TTP 22 itself may serve as a secondary certification 
authority. The TTP 22 accomplishes this secondary certification role in part by 
maintaining a list of infringers, merchants 20a - 20d, and users 18 which have 
10 previously misbehaved, e.g., those who have not fulfilled an agreement established 
after a dispute was resolved. When a particular user 18 (or merchant 20d in the 
employment search context) is involved in a transaction, the TTP 22 is able to 
recognize the user's (or merchant's) signature and then mark the signature with an icon, 
thus maintaining the anonymity of the payor. 

15 

In an alternate embodiment of the invention, as depicted in Fig. 2, a TTP 22' is 
resident in a local machine 28 with which a user 18 directly and physically interfaces. 
The machine 28 includes a housing 30 enclosing a server 32 loaded with data and 
software necessary to enable the server to act as a TTP 22'; an X-terminal 34 including 

20 a keyboard 36, the X-terminal communicating with the server, optionally, an 
Automated Teller Machine subsystem ("ATM") 40 having a card reader 42 to receive 
and process payments made with a bank card or SMART CARD 44 and a flight ticket 
reader 46; and a network device 48 which connects the server to the Internet or other 
non-private or semi-private network 12. This machine 28 is particularly applicable for 

25 use as a travel insurance machine at an airport, where the merchants are insurance 
companies 20a' - 20d\ the TTP 22' is an insurance broker, and the product is the travel 
insurance policy. Note that an insurance policy is also widely considered a service. 
Therefore, the term "product" as used throughout this specification is interchangeable 
with the term "service" and should not be construed as limiting. This machine 28 thus 

30 enables traveller-users 18 to purchase insurance products prior to boarding an airplane. 
Further, because of its physical characteristics, this machine 28 may be accompanied 
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by a physical visual device such as a sign 50 to attract the attention of passers-by. 
Traveller-users 18 may introduce a machine-readable flight ticket 52 into the reader 46 
and, for example, the SMARTCARD 44 in the reader 42, of the ATM 40. The ATM 
40 reads the flight details from the ticket 52 and presents a list of insurance policies 

5 and services corresponding to the user's flight using a multimedia browser. Note that 
an example of a multimedia browser/interactive user interface 110 is shown in Fig. 4, 
in the context of vending automobile insurance. Once the traveller-user 18 decides to 
buy such a product, a digitally signed statement from the selected insurance merchant 
20d' is stored in the SMARTCARD 44 (or in the TTP 22' in case of using a flight 

10 ticket 52 alone), and a payment to the insurance merchant is performed over the 
network 12. Use of the machine 28 in this closed system is advantageous because, 
where the X-terminal 34 interacts with a browser 54, the user 18 may utilize (1) SSL 
locally between an X-terminal input or the browser and the TTP 22', even if both are in 
the same machine, and receive anonymity through the use of the TTP, and (2) SET 

15 between the TTP and the selected insurance merchant 20d\ It should be noted that 
even when the system appears closed, a hacker may still have been able to introduce a 
virus or a splice which can attack or intercept communications on either network link 
12 or 24; therefore, all intra-process communications are encrypted. Further, the 
machine 28 can optionally be utilized for enabling the traveller-user 18 to browse and 

20 purchase airline tickets at the airport through a TTP. In this case, the merchants 20a' - 
20d' would be airline carriers. 

In the above embodiment, in which the user interface (such as the X-terminal 
34) and the TTP 22' are located at the same location, a degree of anonymity on the part 
25 of the user 18 is lost (as compared to the embodiment in which the TTP is remote from 
the user interface). In addition, any visual devices 50 provided on site will not be 
viewable and thus would have no effect on those users accessing the TTP from remote 
points in the network 12. However, the advantage of anonymity remains with respect 
to those observers not physically present at the physical location of the machine 28. 



30 
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Referring now to Figs. 1 and 3, the computerized method of the invention 
includes the following steps. 

In an accessing step 100, the method enables the user 18, preferably using a 
5 JAVA-enabled browser 102 (shown in Fig. 1) and a low resource-intensive secure 
communication protocol (i.e., a secure communications protocol demanding lesser 
computer resources than SET), such as SSL, to access the TTP 22 in order to request 
broker services (JAVA is a trademark, registered to Sun Microsystems, which 
identifies a programming language designed for creating small program objects for 

10 operation in a distributed environment such as the Internet 12). In this step 100, where 
the JAVA programming language is used, a JAVA applet, running on the user's 
machine, sends the user's request to the TTP 22 (a JAVA applet is a proprietary 
application program which is usually built into the JAVA programming language). 
Some of the built-in writing and drawing applets that come with WINDOWS 

15 (trademark of Microsoft Corporation) may also be used together with or in lieu of a 
JAVA applet. Further, other Internet technologies may substitute for these proprietary 
programs, but standardization of Internet communication makes these programs the 
practical choice. 

20 In an information gathering step 106, the TTP 22 gathers information from web 

servers of the merchants 20a - 20d which offer competitive products which the TTP 
believes may satisfy the request of the user 18. Any gathering process may be used. 
For example, the TTP 22 may access its own database in which the TTP maintains 
information about all merchants. 

25 
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In a comparing step 108, the browser 102 presents interactive windows or 
applets 110 and 112, shown in Figs. 4 and 5, respectively, to the user 18 which allows 
the user to compare differences between the products offered by competing merchants 
20a - 20d and choose between the competitive products. The applet 110 allows the 
5 user 18 to contrast differences between similar products offered by the competing 
merchants 20a - 20d and choose the most suitable for his or her requirements. The 
applet 112 also offers a "pay" function 114. These features are obtained through the 
use of Common Gateway Interface or "CGI" technology, a protocol for dynamic 
content on the Internet, to dynamically create HTML pages. CGI technology is well 

10 known in the art as a means which allows the creation of web pages on demand while 
the user 18 is on-line, the creation of such pages being based on information from 
buttons, checkboxes, text inputs, and other user inputs. These CGI dynamically-created 
pages can constitute images, sounds, text and almost anything other visual or audio 
device which can be transferred through the Internet 12. Such dynamically created 

15 pages may also reference other web pages via hypertext. The clicking on this hypertext 
by the user 18 may generate a frame with the applet displaying a graphic sourced from 
the server of a particular merchant 20a - 20d. 

In a selecting step 120, the user 18 chooses between the competitive products, 
20 thus selecting a merchant 20d. 

In a first payment step 130, the user 18 activates the "pay" function 114, thus 
issuing a payment order to the TTP 22. The "pay" function 114 is a part of an 
interactive window graphical interface or applet 112. The payment is performed using 
25 the applet 112 running on the user's machine which sends the user's sensitive financial 
information, encrypted with the SSL protocol using the encryption key of the TTP 22, 
to the TTP. Because the TTP 22 is a Trusted Third Party, this should present minimal 
security risk to the user. For example, a payment order form may be created using CGI 
technology and such may be sent as an applet to the TTP 22. 
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In a second payment step 140, the TTP 22 decrypts the payment information 
and transmits the payment order to the merchant 20d using a highly secure payment 
protocol, thus paying the merchant on behalf of the user 18. This transmission of 
credit card information is preferably "tunneled" via a tunnel 134 (shown in Fig. 1) to 
5 the server of the merchant 20d offering the selected products. "Tunneling" is yet 
another security protocol which allows the use of the Internet 12 as part of a private 
secure network, thus creating a virtual private network over the Internet using public 
lines. This helps eliminate the need of leasing lines for wide-area communication by 
permitting secure use of public networks. This part of the transaction takes place using 
10 the SET protocol. 

In a third payment step 150, the merchant 20d and an associated bank 26 
cooperate, again using the SET protocol, to enable the merchant to receive payments 
from the bank. In order to perform a SET payment, the TTP 22 encrypts the user's 

15 credit card information with the bank's public key. In this way, the merchant 20d 
cannot see any financial details about the user 18— only the bank 26 can decrypt this 
information. In addition, the TTP 22 verifies the merchant's certificate (identity) of the 
merchant 20d and sends its own certificate in the payment order. This payment order 
is encrypted with the merchant's public key, and therefore, no messages are sent in 

20 plain over the network 12. The merchant 20d then decrypts the message and sends the 
encrypted credit card information to the bank 26. The bank 26 processes the payment 
order, and issues a positive authorization for payment only if the balance on the bank 
account of the user 18 allows the payment. 
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In another feature of the invention, the computerized method 10 includes the 
additional step 160 of providing confirmation of payment on the payment order to the 
user 18 prior to delivery of the product purchased. In this step, the merchant 20d 
returns a message to the TTP 22 indicating whether or not the payment was successful. 
5 The TTP 22 then transmits this information to the user 18. When the payment is 
successful, this message can be used to prove legal liabilities, i.e., it can be considered 
as the receipt of the purchase. This receipt, once signed by all parties involved in the 
transaction, can be used as evidence in resolving the dissatisfaction of the user 18 with 
respect to the service received, thus helping guarantee a fair exchange in the electronic 
10 transaction. The TTP 22 is now able to return a detailed report to the user 18 about the 
transaction via the browser 102. 

For the purposes of this application, the descriptive phrase "highly secure 
payment protocol" is any protocol for which the level of security in making a payment 

15 is higher than that provided by a communications protocol used to send payment 
information between the user 18 and the TTP 22. The preferred highly secure payment 
protocol is the SET protocol which provides authentication for each participant and is 
specifically designed to handle payments-only information such as credit card 
information. The descriptive phrase "low resource-intensive protocol" refers to any 

20 protocol which requires less computer resources than the highly secure payment 
protocol. The preferred low resource-intensive protocol is the SSL protocol. In 
addition, for the purposes of this application, "secure" means that the protocol ensures 

(1) integrity, in that no one can undetectably change the contents of the message, and 

(2) confidentiality, in that no one can read the content of a message unless it is 
25 included in the actual address of the recipient. 

The method 10 is enabled through the application of three submethods 200, 
300, and 400, each of which controls the interactions of the method on one end of a 
particular network link 14 or 24 (i.e., from the perspective of either the TTP 22, the 
30 user 18, or the merchants 20a - 20d). 
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Referring now to Fig. 6a, the first submethod 200 controls the interactions 
between the TTP 22 and the user 18 and between the TTP and the merchants 20a - 
20d. This first submethod 200 enables the TTP 22, interfacing with a user 18 on an 
insecure network 12, to offer the user the ability to browse, compare, and purchase 
5 using secure payment facilities irrespective of the level of security in communications 
between the user and the TTP. This submethod 200 includes the following steps. In 
step 202, using a low resource-intensive secure communication protocol, the TTP 22 
receives a request of a user 18 for information concerning products of interest. In step 
204, the TTP 22 gathers the requested information from the merchants 20a - 20d. In 

10 step 206, the TTP 22 transmits this requested information to the user 18 via an 
interactive window 110. In step 208, the user 18 selects a product offered by a 
merchant 20d and generates a payment order which the TTP 22 receives. In step 210, 
using a highly secure payment protocol, the TTP 22 transmits the payment order to the 
selected merchant 20d who may then receive payment thereon, and, subsequently, 

15 transmit confirmation of the payment to the TTP. In step 212, the TTP 22 transmits 
confirmation of payment to the user 18. 

Referring now to Fig. 6b, the second submethod 300 enables a user 18 to 
browse, compare, and purchase products offered by merchants 20a - 20d using secure 

20 payment facilities irrespective of the available level of security in communications 
between the user and the merchants. The second submethod 300 includes the 
following steps. In step 302, the user 18 uses a low resource-intensive secure 
communication protocol to transmit requests for information concerning the products 
of interest provided by the merchants 20a - 20d to the TTP 22. The TTP 22, in turn, 

25 accesses this information from the corresponding merchants 20a - 20d using the SSL 
protocol. In step 304, the user 18 receives such requested information via an 
interactive window 110 (shown in Fig. 4) configured by the TTP 22. In step 306, the 
user 18 selects a product offered by a merchant 20d and creates a payment order which 
is transmitted to the merchant by the TTP 22 using a highly secure payment protocol. 

30 The selected merchant 20d receives payment corresponding to the payment order. In 
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step 308, the user 18 awaits and receives confirmation of payment from the selected 
merchant 20d or the TTP 22. 

Referring now to Fig. 6c, the third submethod 400 enables a merchant 20d to 
5 offer products in a forum in which users 18 may browse, compare features of the 
merchant's products with products offered by other merchants 20a - 20c and purchase 
such products using secure payment facilities, irrespective of the security in 
communications between the user and the merchant. The third submethod 400 
includes the following steps. In step 402, a merchant 20a, 20b, 20c, or 20d receives a 

10 request from the TTP 22 for product information. In step 404, a merchant 20a, 20b, 
20c, or 20d provides product information through an interactive window 110 (shown in 
Fig. 4) over a network 12 to the TTP 22. In step 406, using a highly secure payment 
protocol, a selected merchant 20d receives a payment order from the user 18 through 
the TTP 22. In step 408, using a highly secure payment protocol, the merchant 20d 

15 obtains payment on the payment order. In step 410, the merchant 20d transmits 
confirmation of receipt of payment to the TTP 22 who may in turn provide 
confirmation to the user 18. 

The computerized method of the invention is encoded in computer-readable 
20 media which operates on, in, and between the servers of the merchants 20a - 20d, the 
server of the TTP 22 and the PC of the user 18 over network lines 14 and 24. The 
submethods 200, 300, and 400 described above are encoded in computer-readable 
media which control a PC, the CPU of an X-terminal 34 or its associated server or host 
computer such that the appropriate interfaces are generated which facilitate the 
25 reception of inputs, and such that outputs are encrypted, reformatted in a form which 
the recipient can receive, and transmitted in such form. 

An object of the invention is to provide support for fair exchange and 
anonymity of the user 18 with respect to the selected merchant 20d. 

30 
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Another object of the invention is to provide an efficient and secure means of 
permitting electronic commerce on products which traditionally have not been 
available electronically, such as insurance services. 

5 Another object of the invention is to provide a means for a user 18 of hand-held 

devices such as Personal Digital Assistants ("PDAs"), mobile phones, and pocket 
computers to use such devices to more securely transact electronic commerce. This is 
possible because, although hand-held devices generally have insufficient processing 
power to utilize the SET protocol, many such devices have sufficient processing power 

10 to effectively use the SSL protocol. The SSL protocol provides adequate security when 
connecting with the server of the TTP 22. As mentioned above, allowing the TTP 22 
to handle the details of the transaction, including payment, using the SET protocol, 
allows the TTP to act as a proxy for the user 18, thus significantly improving security 
in conducting the transaction (as compared with merely connecting directly with 

15 merchants 20a - 20d using the SSL protocol). Thus, another object of the invention is 
to permit the transaction of electronic commerce with maximum security (given 
computer resources) within a commercially acceptable time frame (i.e., short enough to 
enable all essential parties involved to realize a net benefit from the transaction). 

20 Multiple variations and modifications are possible in the embodiments of the 

invention described here. Although certain illustrative embodiments of the invention 
have been shown and described here, a wide range of modifications, changes, and 
substitutions is contemplated in the foregoing disclosure. In some instances, some 
features of the present invention may be employed without a corresponding use of the 

25 other features. Accordingly, it is appropriate that the foregoing description be 
construed broadly and understood as being given by way of illustration and example 
only, the spirit and scope of the invention being limited only by the appended claims. 
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Industrial Applicability 

A novel and effective method 10 of integrating three security concepts, namely 
that of a Trusted Third Party, and the SSL and SET protocols is described which allows 
5 a user 18 to browse and purchase with a high level of security and anonymity while 
requiring a minimum set of computer resources of the user, thus permitting the user to 
participate in electronic commerce using simple hand-held devices such as PDAs, 
mobile phones, or pocket computers. Such method 10 is industrially applicable to 
machine or machine-run processes which apply such protocols in the context of 
10 commercial electronic transactions. 
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Claims 

1. A computerized method of transacting electronic commerce in an insecure network 
(12), the method (10) improving data security in the insecure network (12) by: 

• operating on and between a user (18) which has established a commercial relation- 
5 ship with a certified trusted third party (22), and merchants (20a-20d); and 

• utilizing a network link (14, 24) between the user (18) and the trusted third party 
(22) and a network link (14, 24) between the certified trusted third party (22) and 
the merchants (20a-20d); and 

• utilizing a communication protocol which operates on the network link (14, 24) 
10 between the user (18) and the certified trusted third party (22) and 

• utilizing a payment protocol, which is more secure than the communication proto- 
col, which operates on the network link (14, 24) between the certified trusted third 
party (22) and the merchants (20a-20d), whereby 

• the reduced security of the communication protocol is improved by the trust to the 
15 trusted third party being established via an authentication using a certificate issued 

by a certification authority. 

2. The method of claim 1 wherein a server of the trusted third party (22) which is built 
into a housing (30) including a terminal interface permits users (18) to select and 
purchase insurance products of insurance companies at a remote site such as at an 

20 airport. 

3. The method of claim 1 wherein the trusted third party (22) is an employment consult- 
ant certified as a trusted third party (22), the merchants (20a-20d) are companies 
seeking employees, and the users (18) are persons seeking employment. 

4. The computerized method of claim 1 comprising: 
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• permitting the user (18), using a browser (54, 102) and a communication protocol, to 
access the trusted third party (22) in order to request broker services; 

• the trusted third party (22) gathering information from web servers of the merchants 
(20a-20d) which offer competitive products which may satisfy the user's request; 

5 • the browser (54, 102) presenting an interactive window to the user (18) which 
allows the user (18) to compare differences between the competitive products and 
choose between the competitive products; 

• the user (18) choosing between the competitive products, thus selecting a merchant 
and issuing a payment order through the trusted third party (22) for the benefit of the 

10 merchant; 

• the trusted third party (22) transmitting the payment order to the merchant using a 
payment protocol, which is more secure than the communication protocol, thus 
paying the merchant on behalf of the user (18); and 

• the merchant and a bank (26) cooperating using a payment protocol, which is more 
15 secure than the communication protocol enabling the merchant to receive payment 

from the bank (26). 

5. The computerized method of claim 4 additionally comprising providing confirmation 
of payment on the payment order to the user (18). 

6. The computerized method of claim 4 wherein the communication protocol is the SSL 
20 protocol, the payment protocol is the SET protocol, the browser (54, 102) is JAVA- 

enabled, and the interactive window is an applet. 

7. A computerized method of enabling a trusted third party (22), interfacing with users 
(18) on an insecure network (12), to offer users (18) the ability to browse and compare 
information and purchase products, using secure payment facilities irrespective of the 

25 level of security in communications between the user (18) and the trusted third party 

(22), the method (10) comprising : 
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• using a communication protocol, presenting a user (1 8) with an interface from which 
the user (18) can browse and request information concerning the products of 
merchants (20a-20d), and compare such information via an interactive window; 

• gathering the requested information from merchants (20a-20d); 

5 • using a communication protocol, providing the requested information to the user (18) 
via the interactive window; 

• upon the user's selection of a product offered by a merchant, receiving the user's 
payment order; 

• using a payment protocol, which is more secure than the communication protocol, 
transmitting the payment order to the selected merchant who may then receive 
payment thereon, and, subsequently, transmit corifirmation of payment thereon to the 
trusted third party (22) whereby the reduced security of the communication protocol 
is improved by the trust to the trusted third party being established via an authentica- 
tion under use of a certificate issued by a certification authority; and 

• transmitting confirmation of payment to the user (18). 

8. The computerized method of claim 7 wherein the user (18) browses using a browser 
(54, 102) which is JAVA-enabled, and the interactive window is an applet. 

9. The computerized method of claim 7 wherein the communication protocol is the SSL 
protocol and the payment protocol is the SET protocol. 

10. A computerized method enabling a user (18) to browse and compare information and 
purchase products offered by merchants (20a-20d) using secure payment facilities 
irrespective of the available level of security in communications between the user (18) 
and the merchant, the method (10) comprising: 

• using a communication protocol, transmitting requests for information concerning 
25 the products of interest provided by the merchants (20a-20d) to a trusted third party 

(22); 
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• receiving such information via an interactive window configured by the trusted 
third party (22) ; 

• upon the user's selection of a product offered by a merchant, creating a payment 
order which is transmitted to the merchant by the trusted third party (22) using a 
payment protocol, which is more secure than the communication protocol, the 
selected merchant then receiving payment thereon, whereby the reduced security of 
the communication protocol is improved by the trust to the trusted third party being 
established via an authentication using a certificate issued by a certification author- 
ity; and 

• receiving confirmation of payment. 

1 1. The computerized method of claim 10 wherein the user (18) browses using a browser 
(54, 102) which is JAVA-enabled, and the interactive window is an applet. 

12. The computerized method of claim 10 wherein the communication protocol is the 
SSL protocol and the payment protocol is the SET protocol. 

13. A computerized method enabling a merchant to offer products in a forum in which 
users (18) may browse, compare the features of the merchant's products with products 
offered by other merchants (20a-20d) and purchase such products using secure 
payment facilities irrespective of the security in communications between the user (18) 
and the merchant, the method (10) comprising: 

• receiving a request from a trusted third party (22) for information; 

• providing product information through an interactive window over a network (12) 
to the trusted third party (22) ; 

• using a payment protocol, receiving a payment order through the trusted third 
party (22) from the user (18) who uses a communication protocol; 

• using a payment protocol which is more secure than the communication protocol, 
obtaining payment on the payment order; whereby the reduced security of the 
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communication protocol is improved by the trust to the trusted third party being 
established via an authentication under use of a certificate issued by a certification 
authority and 

• transmitting corifirmation of receipt of payment to the trusted third party (22) who 
may in turn provide confirmation to the user (18). 

14. The computerized method of claim 13 wherein the user (18) browses using a browser 
(54, 102) which is JAVA-enabled, and the interactive window is an applet 

15. The computerized method of claim 13 wherein the communication protocol is the 
SSL protocol and the payment protocol is the SET protocol. 

16. A computer-readable medium encoded with a computerized method (10) of transact- 
ing electronic commerce in an insecure network (12), the method (10) improving data 
security in the insecure network (12) by: 

• operating on and between a user (18), which has established a commercial relation- 
ship with a trusted third party (22), and merchants (20a-20d); and 

utilizing a network link (14, 24) between the user (18) and the trusted third party 
(22) and a network link (14, 24) between the trusted third party (22) and the 
merchants (20a-20d); and 

• utilizing a communication protocol which operates on the network link (14, 24) 
between the user (18) and the trusted third party (22) and 

• utilizing a payment protocol, which is more secure than the communication proto- 
col, which operates on the network link (14, 24) between the trusted third party 
(22) and the merchants (20a-20d), whereby the reduced security of the communica- 
tion protocol is improved by the trust to the trusted third party being established via 
an authentication via a certificate issued by a certification authority. 

17. The method of claim 16 wherein the network link (14, 24) between the user (18) and 
the trusted third party (22) uses a communication protocol such as the SSL protocol 
and the network link (14, 24) between the trusted third party (22) and the merchant 
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uses a payment protocol, which is more secure than the communication protocol, such 
as the SET protocol. 
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User accesses TTP using SSL protocol 



TTP gathers info, on competing 
products using the SSL protocol 



-100 



-106 



User compares competing products - — - — 1 08 



User selects products 



User sends encrypted payment order 
to TTP using SSL protocol 
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TTP decrypts and sends payment order 
to selected merchant using SET protocol 
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The merchant obtains payment 
from a bank using SET protocol 
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TTP sents comfirmation of 
payment to user, received from 
merchant 
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I Buying Insurance 



You are about to Buy the Following Insurance: 



HBE3I 



Ice TP ++ from ice 
Total price: 335 
Options: 
Included: 

3rd Party Liability 

Car Fire Damage Coverage 

Audio Fire Damage Coverage 

12 Month new car replacement 

Car Theft Coverage 

Audio Theft Coverage 

24 Hour Help Line 



Your credit card data is needed to complete the purchase 
Name 



Credit Card Number: 
Credit Card Expiration Date: 
Credit Card PIN: 
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Buy 



Cancel 



Hitting the "Buy" button will transmit your data securely 
and trigger the purchase 
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Fig. 5 
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Receive request a user for 
product info, via the SSL protocol 
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Gather request info. Using the SSL protocol -^-204 



Transmit info, to user using the 
SSL protocol 



Receive selection of user 
using the SSL protocol 



Transmit payment order to selected 
merchant using the SET protocol 



Await confirmation of order. If 
received, transmit to user 
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User request product info, from TTP 
via the SSL protocol 



User receives requested info, from 
the TTP using the SSL protocol 



User Selects product and sends 
payment order to TTP using the 
SSL protocol 



User awaits confirmation of 
payment 
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Merchant receives request for 
product info, from TTP via the 
SSL protocol 



Merchant provides requested info, to 
the TTP using the SSL protocol 



If selected, merchant receives a 
payment order from the TTP 
using the SET protocol 



Merchant obtains payment on 
payment order through a bank 
using the SET protocol 



Merchant transmits confirmation of 
payment to TTP 
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